CASTL: A Composable Source Code Query Language for Security and Vulnerability Analysis

Blake Johnson, Rahul Simha

2025

Abstract

This paper describes CASTL (Composable Auditing and Security Tree-optimized Language), a new source code query language focused on security analysis. The widespread use of static analysis for vulnerability identification suggests the need for capable, approachable code query languages for security analysts. Languages tailored to the unique properties of code can be more expressive and performant than generic solutions. CASTL features a familiar SQL-style syntax, with inputs and outputs consisting of sets of abstract syntax trees (ASTs). This abstraction provides the advantages of (1) composability (the output of one query can become the input to another); (2) direct querying of the code's structure and metadata; (3) tree-specific language optimizations for performance; and (4) applicability to any AST-based language. Complex queries can be expressed in a compact, straightforward manner. Common vulnerabilities, including buffer overflows, injection, and server side request forgery (SSRF) (Christey and Martin, 2007), translate into simple, readable CASTL queries. We describe CASTL and its capabilities, compare it to alternatives (finding potential advantages in clarity and compactness), discuss features and optimizations that improve effectiveness and efficiency, and finally describe an example implementation applying CASTL to millions of Java source files.

Paper Citation


in Harvard Style

Johnson B. and Simha R. (2025). CASTL: A Composable Source Code Query Language for Security and Vulnerability Analysis. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 283-290. DOI: 10.5220/0013176200003899


in Bibtex Style

@conference{icissp25,
author={Blake Johnson and Rahul Simha},
title={CASTL: A Composable Source Code Query Language for Security and Vulnerability Analysis},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={283-290},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013176200003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - CASTL: A Composable Source Code Query Language for Security and Vulnerability Analysis
SN - 978-989-758-735-1
AU - Johnson B.
AU - Simha R.
PY - 2025
SP - 283
EP - 290
DO - 10.5220/0013176200003899
PB - SciTePress